From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gribozavr@gmail.com>
Received: from mail-yb1-xb2e.google.com (mail-yb1-xb2e.google.com
 [IPv6:2607:f8b0:4864:20::b2e])
 by sourceware.org (Postfix) with ESMTPS id 35C6E3858405
 for <gcc@gcc.gnu.org>; Tue, 23 Nov 2021 11:17:34 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 35C6E3858405
Received: by mail-yb1-xb2e.google.com with SMTP id v138so58527741ybb.8
 for <gcc@gcc.gnu.org>; Tue, 23 Nov 2021 03:17:34 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=8790bpvVFZojkaemOz3Ek3p78ukbNJWg35YbPdri/nc=;
 b=PuBxzqAr6TVfYcRCd0dEcxESayKTPXujWPdDDOKKC8jev9XRPUR52Ju6wB2nQ3lmuU
 aoVmEjek3u8eSZrJL4DPXKj2LpdyXmg2fKWmGtzoJlYWewRMcgubmTa0VBLfgvPBFZU9
 cLgCQGxfJBhfPHSl5daFUHUXam9tZr+Nw7jwXbPQDaB8WYp8GcOCqjrnJY+B7VzD4tUa
 HFEiLw5BtWllcC1kmQihUdVwXmUBvPlZtC1sEGRL1/rS9vfq9wgCE1ivMS8bJ4L5SNIn
 mBHhqNNbJNaJ6dI2fYy/MzGxBhQXW+qYQEACo+mNklUlAXYJM/1Y1bxBEAUpgsNSGh6L
 XYGg==
X-Gm-Message-State: AOAM532UlcqK1qnUI4Wwp7cIaodI+Gtxjn5LTzZ5gPVVg5J6bdD+vYGg
 2boj2hw7c0JSZqSyFYArQH89NYU4ZmeSGZ3C89M=
X-Google-Smtp-Source: ABdhPJwqjOkOrFXDxjiaeOzgqg+9ZNer81tS9C/eMjmtQCJ7TipRSVdeFvYwE3/l4le7IRIaxPb172k5epXX84m2kpk=
X-Received: by 2002:a25:6b46:: with SMTP id o6mr5342242ybm.19.1637666253711;
 Tue, 23 Nov 2021 03:17:33 -0800 (PST)
MIME-Version: 1.0
References: <a0e33e64-460a-6830-69ac-a67b52734bd5@gmail.com>
 <alpine.DEB.2.22.394.2111152016210.369620@digraph.polyomino.org.uk>
 <56a1a945-608e-0e5e-7610-c35481abb980@gmail.com>
 <alpine.DEB.2.22.394.2111152214190.369620@digraph.polyomino.org.uk>
 <4883fa8c-2d99-2611-a8e2-6c7612283da4@gmail.com>
 <alpine.DEB.2.22.394.2111152241180.369620@digraph.polyomino.org.uk>
 <c9b2f273-c8ae-519d-78b9-1d4f34f51c19@gmail.com>
In-Reply-To: <c9b2f273-c8ae-519d-78b9-1d4f34f51c19@gmail.com>
From: Dmitri Gribenko <gribozavr@gmail.com>
Date: Tue, 23 Nov 2021 12:17:07 +0100
Message-ID: <CA+Y5xYe_6uz06wX6OsT3=tjGJKzO+FBPOfQaaemtpY_2_gefAA@mail.gmail.com>
Subject: Re: [cfe-dev] ISO C3X proposal: nonnull qualifier
To: "Alejandro Colomar (man-pages)" <alx.manpages@gmail.com>
Cc: Joseph Myers <joseph@codesourcery.com>, gcc@gcc.gnu.org, 
 cfe-dev <cfe-dev@lists.llvm.org>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,
 SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc mailing list <gcc.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc>,
 <mailto:gcc-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc/>
List-Post: <mailto:gcc@gcc.gnu.org>
List-Help: <mailto:gcc-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc>,
 <mailto:gcc-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Nov 2021 11:17:35 -0000

Hi Alejandro,

On Tue, Nov 16, 2021 at 1:34 PM Alejandro Colomar (man-pages) via
cfe-dev <cfe-dev@lists.llvm.org> wrote:
> First of all,
> I see unnecessary (probably over-engineered) qualifiers:
>
> - _Null_unspecified seems to me the same as nothing.
> If I didn't specify its nullability,
> it's by definition unspecified.  Right?
>
> - _Nullable seems to me also the same as nothing.
> The language allows for a pointer to be NULL,
> so if you don't specify if it can or not be null,
> you better stay on the safe side and consider it as nullable.

_Nullable is used in conjunction with the `#pragma clang
assume_nonnull begin/end` pragma that flips the default:

```
#pragma clang assume_nonnull begin
int *global_int_ptr; // implicitly _Nonnull
#pragma clang assume_nonnull end
```

Within these pragma brackets, you need to use _Nullable to get the
opposite behavior.

The pragma itself is useful because it reduces the amount of noise the
annotations introduce. When these annotations were adopted in Apple
SDKs, it was found that in practice most pointers are non-nullable. So
if we only had _Nonnull, we would have to annotate most pointers.
Instead, Apple's SDKs bracket every header contents with this pragma,
and instead annotate nullable pointers, significantly reducing the
amount of annotations.

_Null_unspecified is a way to say that nullability is complicated due
to legacy reasons (for example, a function may return NULL under
extremely rare circumstances that most users don't care about, so we
want to allow returning NULL, while suppressing warnings at the usage
site if the user assumes that the returned pointer is non-NULL). It
might have been useful for bringing certain legacy APIs into the
annotated world with more checks enabled. But right now it is used
extremely rarely in Apple's SDKs and therefore it is unclear to me
personally whether it really pulls its weight at this point.

Dmitri

-- 
main(i,j){for(i=2;;i++){for(j=2;j<i;j++){if(!(i%j)){j=0;break;}}if
(j){printf("%d\n",i);}}} /*Dmitri Gribenko <gribozavr@gmail.com>*/